Processed: Bug#884068 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #884068 [apache2] autopkgtest to ensure http2 builds and works correctly Added tag(s) pending. -- 884068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884068 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
apache2_2.4.46-6_sourceonly.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 10 Jun 2021 13:40:11 +0200 Source: apache2 Architecture: source Version: 2.4.46-6 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Changes: apache2 (2.4.46-6) unstable; urgency=medium . * Fix various low security issues (Closes: CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641) Checksums-Sha1: 6add28764df9dcbef92567119bb24db8e9b7d2e1 3501 apache2_2.4.46-6.dsc f74c5f442e12d1d94797a1d6bd15d7b1ecf505c1 883988 apache2_2.4.46-6.debian.tar.xz Checksums-Sha256: 68f9ccbeff15f3126a2a30026ba9522ac5946ff4314ec82b38d05a80e3728390 3501 apache2_2.4.46-6.dsc de23c04e760196167aa85273ddb1c9eafe4cebd8074eb5d1bf6e1436e206a8a2 883988 apache2_2.4.46-6.debian.tar.xz Files: ddbe49e01ebb5772827b14db2b54df32 3501 httpd optional apache2_2.4.46-6.dsc 25be1d4a8ad8c7669d6f7e3d3429242c 883988 httpd optional apache2_2.4.46-6.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmDB+5cACgkQ9tdMp8mZ 7umtOA//TIpMluENOoYnwtwJvA5Nis8Jqi+3yL0OsSYNNVxjcHAFjm4ObJkd5GWF cnDa9iD6MHMHNxlY/pH2g9gXXMxcbyxxG/x6zxrf+qlAqD22KAm0bR0TwJ023zSa erlwDzKU1eTPn28xc4TV3G4vhQSlFx45rb117e0iZ4xR6bp92D3jvpH6FqnSQFZg nYrU3PlZVln2L/yp7n/de2ni1kEYJzsOtm79256j3cwIJgEp4Snr4pEFm8WFQtWY cRESYtt/yAg3aHBoBVxM2DLVekwESfsbUiTWvFXb66/PVC8Ml/jMhhBPtNPR+LCl aaSogY8brjVSr1unbEPo95HOJOOmzig9choAF0ocdpsP0Kcxheb7VNENC6jBwKs+ nGH/AXHSR7EfgcRhM+bBZ3eWA8C9YUNsxa2sfeM9s2moCtBeFzNoEgSE3N88fG7o DvgVEFaMwpZS8f8l5Ym84nu905HAfN4th9099S9A7PSWjo8GTJ8/T8/tOUNTj1rJ Tbsjxcyk23kNhEunXIKfu/vRKZyPTVvM8SEbJRQU+0yM7bhfR1i2ntBJudQKPz8W 5MyruzvGJIwL9QntfpTqKL8nYvK7QipSTGx4KunIyrmHSe/ZtbVGb5vMN1BFtRut BnwRq7jK8lAqinnTDs7ZhpxJxhQ8q6E4fS3wLL8Ru02juvDhIxc= =leMe -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of apache2_2.4.46-6_sourceonly.changes
apache2_2.4.46-6_sourceonly.changes uploaded successfully to localhost along with the files: apache2_2.4.46-6.dsc apache2_2.4.46-6.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
apache2_2.4.46-5_sourceonly.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 10 Jun 2021 11:57:38 +0200 Source: apache2 Architecture: source Version: 2.4.46-5 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 989562 Changes: apache2 (2.4.46-5) unstable; urgency=medium . * Fix "NULL pointer dereference on specially crafted HTTP/2 request" (Closes: #989562, CVE-2021-31618) Checksums-Sha1: 94ed6ebb8f0db140a310e2e62e5ec487c3979314 3501 apache2_2.4.46-5.dsc 524559f4a87cb22eae2f7a82dff872e83445e52e 882500 apache2_2.4.46-5.debian.tar.xz Checksums-Sha256: 1ece3d872ee0dd9a49b563034d35109a1e1b4d86bd7cc16b9f79d77c58ef0268 3501 apache2_2.4.46-5.dsc bf40072278b95384a9735897b638ca22de6dfb4b96ece428f65e81466a4c252b 882500 apache2_2.4.46-5.debian.tar.xz Files: 7b5472fa6b3c4afbd50e1abab88190f7 3501 httpd optional apache2_2.4.46-5.dsc 90bc28aaf94fefad506f01566086fb9a 882500 httpd optional apache2_2.4.46-5.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmDB5EkACgkQ9tdMp8mZ 7un+bg//UlwIj9KAp5x4LnXvabv1l5ybS0sL9h+SR/6jPf4WL266ECR9NA0JJnJB C59foMeQujInuQlkuR70OIc5IGsnQHTbOeUaoxhvrsm/GrZQULK/YfmMVn+MolPm 1iEm7jisIGn7njm2TBZJY1hhx8M7vcCuIMyDPJMjo9GXweLxh1j2tK046Z5nWIWZ YZB5M6QELEJZCZg0kel7/k5RxD7YS7tJAmZnu7YFj5+jr6Q5WkMNxnWV9qWK5Pq5 WGWvCk9QTXca8b/lRAZA2nnPmMXm4qQck9HD4lk4FROd13mKLSUJT1znariayo47 Q0oD32pVh8HymrNvAWxz7KduFNT1sB9OKxqwRglRWuYm/G7gp/ksmE1Zo+jHUhNI gFv3U/YgvnGNz8sU0U+sEv7wq8EhkZHZ+smrzHUzUjcC/3rQhJaW3L1udqsHTbZO uQ7LBZmlQclGDvVOKTDRMnkev5yL3WuOc1haNMFV9ZLxGIsGZh9DUpakr3TAjsSi lnV2f/TMCe63RVfQqG/2ivIS0VWp03Flsw1csSdJ8iHPdwBDLIv+4jlIvCWRgfu9 pVU2rB/WVICx5bs5+R0zTfXuxfv055quehKdiD0TObiWHQndrzWuzpBNC1PpXTfN JZlTsB5V/X0vzLuWMtx0Wb0SSXX430gOU5ODOcfjSBD0VqcMikc= =vDcd -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of apache2_2.4.46-5_sourceonly.changes
apache2_2.4.46-5_sourceonly.changes uploaded successfully to localhost along with the files: apache2_2.4.46-5.dsc apache2_2.4.46-5.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#989562: marked as done (apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request)
Your message dated Thu, 10 Jun 2021 10:18:27 + with message-id and subject line Bug#989562: fixed in apache2 2.4.46-5 has caused the Debian Bug report #989562, regarding apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.47-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for apache2. CVE-2021-31618[0]: | httpd: NULL pointer dereference on specially crafted HTTP/2 request If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-31618 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618 [1] https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4 [2] https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.46-5 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 989...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 10 Jun 2021 11:57:38 +0200 Source: apache2 Architecture: source Version: 2.4.46-5 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 989562 Changes: apache2 (2.4.46-5) unstable; urgency=medium . * Fix "NULL pointer dereference on specially crafted HTTP/2 request" (Closes: #989562, CVE-2021-31618) Checksums-Sha1: 94ed6ebb8f0db140a310e2e62e5ec487c3979314 3501 apache2_2.4.46-5.dsc 524559f4a87cb22eae2f7a82dff872e83445e52e 882500 apache2_2.4.46-5.debian.tar.xz Checksums-Sha256: 1ece3d872ee0dd9a49b563034d35109a1e1b4d86bd7cc16b9f79d77c58ef0268 3501 apache2_2.4.46-5.dsc bf40072278b95384a9735897b638ca22de6dfb4b96ece428f65e81466a4c252b 882500 apache2_2.4.46-5.debian.tar.xz Files: 7b5472fa6b3c4afbd50e1abab88190f7 3501 httpd optional apache2_2.4.46-5.dsc 90bc28aaf94fefad506f01566086fb9a 882500 httpd optional apache2_2.4.46-5.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmDB5EkACgkQ9tdMp8mZ 7un+bg//UlwIj9KAp5x4LnXvabv1l5ybS0sL9h+SR/6jPf4WL266ECR9NA0JJnJB C59foMeQujInuQlkuR70OIc5IGsnQHTbOeUaoxhvrsm/GrZQULK/YfmMVn+MolPm 1iEm7jisIGn7njm2TBZJY1hhx8M7vcCuIMyDPJMjo9GXweLxh1j2tK046Z5nWIWZ YZB5M6QELEJZCZg0kel7/k5RxD7YS7tJAmZnu7YFj5+jr6Q5WkMNxnWV9qWK5Pq5 WGWvCk9QTXca8b/lRAZA2nnPmMXm4qQck9HD4lk4FROd13mKLSUJT1znariayo47 Q0oD32pVh8HymrNvAWxz7KduFNT1sB9OKxqwRglRWuYm/G7gp/ksmE1Zo+jHUhNI gFv3U/YgvnGNz8sU0U+sEv7wq8EhkZHZ+smrzHUzUjcC/3rQhJaW3L1udqsHTbZO uQ7LBZmlQclGDvVOKTDRMnkev5yL3WuOc1haNMFV9ZLxGIsGZh9DUpakr3TAjsSi lnV2f/TMCe63RVfQqG/2ivIS0VWp03Flsw1csSdJ8iHPdwBDLIv+4jlIvCWRgfu9 pVU2rB/WVICx5bs5+R0zTfXuxfv055quehKdiD0TObiWHQndrzWuzpBNC1PpXTfN JZlTsB5V/X0vzLuWMtx0Wb0SSXX430gOU5ODOcfjSBD0VqcMikc= =vDcd -END PGP SIGNATURE End Message ---
Processed: Bug#989562 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #989562 [src:apache2] apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Ignoring request to alter tags of bug #989562 to the same tags previously set -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#989562 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #989562 [src:apache2] apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Ignoring request to alter tags of bug #989562 to the same tags previously set -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#989562 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #989562 [src:apache2] apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Ignoring request to alter tags of bug #989562 to the same tags previously set -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#989562 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #989562 [src:apache2] apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Ignoring request to alter tags of bug #989562 to the same tags previously set -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#989562 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #989562 [src:apache2] apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Ignoring request to alter tags of bug #989562 to the same tags previously set -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#989562 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #989562 [src:apache2] apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Added tag(s) pending. -- 989562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems